Check out Net Bird
Comment on What do people here think of Nebula?
ShortN0te@lemmy.ml 2 months ago
The benefits are obvious:
- No port forwarding needed
- Central Auth management
- Easy integration of new devices
Not saying you should do it or that it is better overall, but ignoring those is not fair.
Personally I would never go for Tailscale since I give away the access control to my kingdom to a company. Exactly what I want to get away from through selfhosting.
paperd@lemmy.zip 2 months ago
sugar_in_your_tea@sh.itjust.works 2 months ago
Exactly. I tried Tailscale to get things off the ground, but it didn’t do precisely what I wanted, so I abandoned it and built exactly what I needed, which for me was a VPN at the gateway that tunneled SSL traffic via HAProxy to my internal network.
If Nebula solves your problems, great! I find I don’t need its features, and prefer to keep things relatively simple, which for me is a WireGuard VPN and a handful of containers to run my things. My setup is basically HAProxy -> WireGuard VPN -> Caddy (TLS termination; docker container) -> Docker container on internal network. HAProxy routes to the appropriate machine, and Caddy renews TLS certs and routes to the appropriate container. I could probably accomplish the same w/ Nebula, but I understand my setup a bit more than Nebula.
y0kai@lemmy.dbzer0.com 2 months ago
Doesn’t selfhosting headscale prevent the keys to the kingdom thing you’re talking about?
ShortN0te@lemmy.ml 2 months ago
Yes. But it removes some benefits. You again open some ports or use a VPS to host it. The benefit of not needing to have open ports on other servers and central auth and management still stands.
milicent_bystandr@lemm.ee 2 months ago
With Nebula you also need a VPS or something public for the coordination server (‘lighthouse node’). Seems there’s no way around that at the moment: at least one machine, of your own or another’s, has to have a public IP so the other machines can learn how to connect to each other.